In: From Database to Cyber Security Abstract: Virtualization is the dominant technology employed in enterprise data centers and those used for offering cloud computing services. This technology has resulted in what is called a virtualized infrastructure.
Conference: 2018 IEEE International Conference on Big Data (Big Data) Abstract: When a failure occurs in a big data application, debugging with the original dataset can be difficult due to the large amount of data being processed. This paper introduces a framework for effectively generating method-level tests to facilitate debugging of big data applications. This is achieved by...
Abstract: The NISTIR 8011 volumes each focus on an individual information security capability, adding tangible detail to the more general overview given in NISTIR 8011 Volume 1, and providing a template for transition to a detailed, NIST guidance-based automated assessment. This document, Volume 3 of NISTIR 8...
Journal: IT Professional Abstract: Thousands of new words have been invented in the past decade to help us talk about technology. An analysis of the NIST computer security glossary database shows insights into how we invent and define these words and the impact of those definitions.
Journal: IEEE Security & Privacy Abstract: Cyberresiliency is the capability of an enterprise network to continuously provide (the supported missions and business processes with) essential functions in the midst of an attack campaign. It is defined as "the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stres...
Abstract: The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council’s Cyber Interagency Policy Committee. Its purpose is to coordinate on major issues in international cybersecurity standardization and thereby enhance...
Conference: 4th International Conference on Research in Security Standardisation (SSR 2018) Abstract: We discuss the development of a new format for beacons—servers which provide a sequence of digitally signed and hash-chained public random numbers on a fixed schedule. Users of beacons rely on the trustworthiness of the beacon operators. We consider several possible attacks on the users by the beaco...
Journal: Computer (IEEE Computer) Abstract: As big data, cloud computing, grid computing, and the Internet of Things reshape current data systems and practices, IT experts are keen to harness the power of distributed systems to boost security and prevent fraud. How can these systems’ capabilities be used to improve processing without inflatin...
Journal: Nature Physics Abstract: A critical milestone on the path to useful quantum computers is the demonstration of a quantum computation that is prohibitively hard for classical computers—a task referred to as quantum supremacy. A leading near-term candidate is sampling from the probability distributions of randomly chosen quant...
Abstract: This bulletin summarizes the information found in NISTIR 8202: Blockchain Technology Overview, which provides a high-level technical overview of blockchain technology. It discusses its application to cryptocurrency in depth, but also shows its broader applications.
Abstract: The Internet of Things (IoT) refers to systems that involve computation, sensing, communication, and actuation (as presented in NIST Special Publication (SP) 800-183). IoT involves the connection between humans, non-human physical objects, and cyber objects, enabling monitoring, automation, and deci...
Abstract: Blockchains are tamper evident and tamper resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic level, they enable a community of users to record transactions...
Abstract: This bulletin summarizes the NIST Automated Cryptographic Validation (ACV) Testing project. NIST selects and standardizes cryptographic algorithms as NIST-approved for use within the U.S. Federal Government. The Computer Security Division specifies the relative strength of various cryptographic algo...
Abstract: The Security Content Automation Protocol (SCAP) version 2 (v2) automates endpoint posture information collection and the incorporation of that information into network defense capabilities using standardized protocols. SCAP v2 expands the endpoint types supported by SCAP v1 through the explicit incl...
Abstract: Each year, the Federal Government spends more than $140 billion on research and development (R&D). Approximately $40 billion is used to support intramural research and Federally funded R&D centers, a relatively small portion of which goes to the National Institutes of Standards and Technolog...
Abstract: While a physical asset management system can tell you the location of a computer, it cannot answer questions like, “What operating systems are our laptops running?” and “Which devices are vulnerable to the latest threat?” An effective IT asset management (ITAM) solution can tie together physical and...
Journal: IEEE Transactions on Reliability Abstract: Cryptographic hash functions are security-critical algorithms with many practical applications, notably in digital signatures. Developing an approach to test them can be particularly difficult, and bugs can remain unnoticed for many years. We revisit the National Institute of Standards and Technolog...
Journal: Information Processing Letters Abstract: Minimizing the Boolean circuit implementation of a given cryptographic function is an important issue. A number of papers only consider cancellation-free straight-line programs for producing small circuits over GF(2). Cancellation is allowed by the Boyar–Peralta (BP) heuristic. This yields a valuabl...
Abstract: Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. However, today’s medical devices connect to a variety of healthcare systems, networks, and other tools within a healthcare delivery organization (HDO). Connecting devi...
Conference: Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018) Abstract: Cryptography is an essential component of modern computing. Unfortunately, implementing cryptography correctly is a non-trivial undertaking. Past studies have supported this observation by revealing a multitude of errors and developer pitfalls in the cryptographic implementations of software product...
Conference: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom) Abstract: Data sent over the Internet can be monitored and manipulated by intermediate entities in the data path from the source to the destination. For unencrypted communications (and some encrypted communications with known weaknesses), eavesdropping and man-in-the-middle attacks are possible. For encrypted...
Conference: The 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) Abstract: Blockchain based cryptocurrencies are usually unmanaged, distributed, consensus-based systems in which no single entity has control. Managed cryptocurrencies can be implemented using private blockchains but are fundamentally different as the owners have complete control to do arbitrary activity with...
Journal: Computer (IEEE Computer) Abstract: Will our smart devices betray us? Can we trust our smart beds, pet feeders, and watches to maintain the level of privacy we want and expect? As the numbers of devices coming online reach staggering levels, serious questions must be raised about the level of cybertrust we can reasonably expect to hav...
Abstract: Healthcare providers increasingly use mobile devices to receive, store, process, and transmit patient clinical information. According to our own risk analysis, discussed here, and in the experience of many healthcare providers, mobile devices can introduce vulnerabilities in a healthcare organizatio...
Abstract: This bulletin summarizes the information found in NIST SP 800-171A: Assessing Security Requirements for Controlled Unclassified Information (CUI), which provides federal and nonfederal organizations with assessment procedures and a methodology that can be employed to conduct assessments of the CUI se...